Vulnerability in Nautobot

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATOR…

EPSS: 0.000 (1.6th percentile).

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N.

Affected products

  • Nautobot — versions < 2.4.30; >= 3.0.0, < 3.0.10

Frequently asked questions

What is CVE-2026-34203?
CVE-2026-34203 is a low-severity vulnerability in Nautobot, classified under Weak Password Requirements. CVSS score: 2.7/10. Published 2026-03-31.

How severe is CVE-2026-34203?
Low severity. CVSS v3 base score is 2.7 out of 10.